similar to: no // comments, please

hi, this can be applied to the latest portable CVS. by default bind sshd fake display to localhost. [stevesk at jenny stevesk]$ uname -sr HP-UX B.11.11 [stevesk at jenny stevesk]$ echo $DISPLAY localhost:14.0 [stevesk at jenny stevesk]$ netstat -an|grep 6014 tcp 0 0 127.0.0.1.6014 *.* LISTEN this is currently controlled with sshd_config gatewayports;

Hello, I manage OpenSSH on a dozen or so servers that act as gateways for a large amount of developers and system administrators. On these servers it is common for there to be more than 1000 active X11 forwards active at peak usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional ports due to a hard coded range check in channels.c that limits the port range that sshd will

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

Hi, This also has been discussed in SSHSCI's SSH context. All SSH versions (both SSHSCI and OpenSSH) derive value for DISPLAY variable from `uname -n`. The problem is that the returned value is not necessarily resolvable to a valid IP number which in turn might cause a failure. To make it fool-proof I suggest to set DISPLAY to the interface's address the user has reached the system in

This issue has been discussed here and elsewhere a fair bit in the past year or so, but to re-address the issue... As of OpenSSH 2.9.something the ability to have an Xauthority located in /tmp was removed, with the following description in the ChangeLog : - markus at cvs.openbsd.org 2001/06/12 21:21:29 [session.c] remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since

Hi. In a case like this, I can get strip headings that have the name "c" and the value for c. d <- data.frame(a=1:5,b=6:10,c=11:15) > xyplot(a ~ b | paste("c", c), data=d) > For more complicated examples, instead of using paste repeatedly I would like to use a function. It seems like what I really want is a macro, though. I'm not quite familiar enough

Hi. I am having trouble thinking of an easy way to grab rows out of a data frame. I want to select the rows with a median value when the rows are similar. A simple example is this table, which I could read into a data frame. I would like to find a new data frame with only the rows with a median value for the "c" column given a certain "a" value. For example, the c values

Hi. I'm writing an article on network backups, and instead of using my old ssh1 software, I decided to go with openssh all the way. I got the hang of the openssh way of doing protocol 2 public key authentication, but ssh is failing to terminate when a pipe is broken. I am ssh-ing to a remote host and doing a cat or zcat of a dump file, then on the localhost, I'm using restore to extract

Because ForwardX11 and ForwardAgent are so useful but introduce risk when used to a not well-secured server, I added a "warn" value to the ForwardX11 and ForwardAgent options which causes the ssh client to print a big warning whenever the forwarding is actually used. I plan to make "ForwardX11=warn" the default in my ssh_config distribution. I'm not proposing that this

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

https://bugzilla.mindrot.org/show_bug.cgi?id=2213 Bug ID: 2213 Summary: X11 forwarding to DISPLAY containing a hexadecimal-colon IPv6 address fails Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Hi, I'm not subscribed, so keep me in cc. And thanks for having mailing-list open for posting. I had a couple of problems with OpenSSH on Solaris 8/MU3 + recent patches. 1) When I tried to use scp from any other host, sshd on Solaris host crashed with SIGSEGV. Here's the stack trace: core 'core.sshd.7637' of 7637: ./sshd -d -d -d fefb393c strncpy (ffbee074, 5, 7, 0,

When was Beta1 released? ;) Will this date show up in ogg's generated by it? Don't think I kept any of my beta1 oggs though. At that point I only ... hehe ... converted one mp3 to ogg, to see a bit of what it can do (I didn't have any wav's or CD's handy, ok? <g>) I already have the following noted down: 20000508 Beta 2 20001031 Beta 3 20010225 Beta 4

On Wed, May 23, 2001 at 10:49:54PM -0400, mugz wrote: > > I'm always a bit slow to report bugs i see, figuing someone else will > report it and that it will eventually get fixed. This one has been > somewhat of a problem for a while now. I run Linux Slackware -current and > just upgraded to OpenSSH 2.9p1, but I have noticed this same bug on every > platform and OS running

Hi. If I submit patches that make the prompts look more like prompts, would those patches be welcome? Before: ecashin at nilda ecashin$ ssh-add ~/.ssh/id_dsa Need passphrase for /home/ecashin/.ssh/id_dsa Enter passphrase for /home/ecashin/.ssh/id_dsa After (model 1): ecashin at nilda ecashin$ ssh-add ~/.ssh/id_dsa Need passphrase for /home/ecashin/.ssh/id_dsa Enter passphrase for

Hi, here's a patch so that ssh also supports hurd-i386. Thanks for incorporating. The patch comes from Robert Bihlmeyer <robbe at orcus.priv.at>. > openssh 2.2.0p1-1.1 does not build on the Hurd. The appended patch > fixes that. Changes in detail: > * PAM is not (yet?) supported, so the PAM dependencies are only put into > the control file on architectures != hurd-i386.

Hello, I upgraded (?) one of my machines to Linux kernel 2.4.0-test9, and sshd started failing. Specifically, the sshd child processes would segfault if a user requested X11 forwarding. I tracked the problem down to these bits of code: channels.c, x11_create_display_inet, line 1738: sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { if (errno != EINVAL) {

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>